base64 functions with SASL in INN

Julien ÉLIE julien at
Fri Jun 19 19:56:01 UTC 2009

Hi Russ,

> I guess my point is that, in this code, if we tell SASL that it has a
> buffer of outlen*2 + 10 and it actually writes to all of that, we won't
> be able to append the CRLF, so we'll generate an invalid reply.  If we
> tell it we have a buffer of size outlen*2 + 8, we'll be assured that we
> have enough space for the CRLF to be appended.

Ah, OK, I understand.

Then I see we have another bug here in imap_connection:

      /* convert to base64 */
      inbase64 = xmalloc(outlen*2+10);

      saslresult = sasl_encode64(out, outlen,
            inbase64, outlen*2+10,
            (unsigned *) &inbase64len);

      /* add an endline */
      strlcpy(inbase64 + inbase64len, "\r\n", outlen * 2 + 10);

      /* send to server */
      result = WriteToWire_lmtpstr(cxn,inbase64, inbase64len+2);

strlcpy may write out of where it should...

The right thing is malloc "+10", out "+8" and copy "+10 - inbase64len".

By the way, imap_connection does not seem easy to maintain...  (Well,
like innfeed!)  I have never tested it...

Julien ÉLIE

« C'est aussi un camp romain corse, Vanitasuanitatum. » 

More information about the inn-workers mailing list